Through the following post I am not purposing to influence you to start defacing, but to briefly give you a better understanding of how and why it is done.

Almost everyday I visit Zone-H’s archive of special digital attacks, I find that at least 1 or 2 attacks were done against US governmental web servers. The domain suffix of the defaced websites was *.gov. Does this fact means that they are totally secure? I don’t think so… Obviously the web servers may host very confidential data. In this case the web server administrators seemed to have allowed threats against governmental assets. Any unwanted consequences that a breach of security can lead to, are mainly caused by the irresponsibility and lazyness of system administrators and web developers.

The methodology for defacing a website is pretty standard. Here is the standard sequence of tasks that normally the crackers/defacers would follow: Footprinting, scanning, enumeration, penetration, attack, covering of tracks and installation of backdoors. As I mentioned before, the motivations for defacing any website are various, whereas when defacing governmental websites, could be a promotion of an ideology, revenge, or just a challenge.

I don’t believe that people who are serial website defacers hold good real-life jobs, or any job at all. This is just my personal opinion which is based on the fact that defacing is illegal in most countries – thus involving a high risk of getting arrested - and requires some basic knowledge, time, and patience. Advanced knowledge of technical and theoretical network security issues is not always required to deface. I think that understanding IT security theories, enhances intelligently your logical application of related practicalities. Achieving a deface could require the application of a complex exploitation methodology. This is enough reason to give up for some defacers without patience and with incomplete knowledge.

Tools assisting each step mentioned in the last paragraph are widely available for free on the internet. Most of the authors coded them for ethical, legal and educational use. Of course some were specifically coded for easily generating domain lists, exploiting security vulnerabilities, and mass-defacing websites. These are not easy to find on the web, nor are that difficult to code. Instead, individual defacers and groups exchange them in IRC channels, private forums and servers, and through instant messengers.

One example of such an IRC server is irc.gigachat.net.

Script kiddies who deface, prefer to use fancy GUIs for tools rather than command line. Command line tools seem to exceed their learning and memory capabilities, or they don’t have the will and patience to research and analyze effective methodologies used by professionals in netsec pen-testing. They would be more technically skilled and better exercise their brain to remember simple and complex command sequences in multi-OS environments. Plus they would develop their practical skill-set which may be necessary if they choose to follow an IT career at some point – if they don’t end up in jail.

Depending on their ethical and legal attitudes, usually what they want is to quickly accomplish breaking in a network, maybe lookup for confidential data, download them and deface the home pages of hosted sites. Always counting in exceptions, most probably they didn’t use their own exploits, but what was already public.

Now I’m going to quote from another of my posts the following:

“In the mind and soul of the crackers who deface high-profiled websites, there is a false sense of pride. They think that it reflects their cracking skills and status in the defacers scene. For them defacing is more like a game. The messages shown in their defacements are more like an excuse for taking part in this game. The real motivation and reasoning behind their attacks, in most of the cases is not political, patriotic or other; but is just to show off themselves and their country to the world…

They attach a nickname to their personalities and cracking abilities, and they try to raise its status in the scene. They like searching for their nicknames in news websites and showing off the link to other crackers in their IRC channel, other channels, or through their websites.”

You will be ignored if you request mentioned tools or help to deface a website. Comments are welcome of course.

defacers are extremely good. if only i’m a gifted one, i could help those people who are victimized by those defacers….wanna help `em trace and fire back at `em….. but too bad…i don’t know how….hehehe.

Nice article. I am reading “Foundations of Security” and in chapter 4 the authors have a list of exercises to do. There is webserver that is created in chapter 2 called “SimpleWebServer” that has security flaws. So for the exercise you have to add 3 methods for logging and storing file data. Then the author says to “deface” the index.html and get root access. I got stumped there lol. That’s how I ran into this site and many more. It is just interesting to see the different methods of defacing a website, but sad to see how immature people can be. That’s why I’m reading this book, to get a head start in the subject. I must saying that programming is awesome, love it. Security just makes things more interesting haha.

on 22 Jan 2010 at 5:44 am 8.shivshankar said …

Crisp and Precise info to understand a website defacement.
Good job keep it up, buddy.

on 04 Sep 2010 at 7:11 am 9.wwwww said …

all hackers have a point. we do it because it proves that nothing is secure. 100′s of sites are defaced by single hackers in a day. and why do they do it. to prove that they have as much skill as there idols. were not like all the people in the movies who steal bank accounts and all that. were living beings who want to show that no mater what you do your never going to stop us. see you on your fav sites homepage